1. Setup Terraform Backends

docker-compose.yml

version: "3.8"

services:
  # service name to run in docker-compose command
  terraform:
    image: hashicorp/terraform:0.13.3

    # map all files under host dir './aws' to container dir '/infra'
    volumes:
      - ./aws:/infra

    # when we run the service, it will start from this working dir
    working_dir: /infra

    # you don't want to hard-code your secrets, you could use aws-vault to auto setup aws credentials in your session env
    environment:
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
      - AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}

main.tf

provider "aws" {
  region = "ap-southeast-1"

  # https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md
  version = "~>3.7.0"
}

# by default, it's local backend. You need remote access and sharing,
# setup as below (easiest)
terraform {
  # https://www.terraform.io/docs/backends/types/s3.html
  backend "s3" {
    bucket = "gobike-devops-tfstate"
    key    = "gobike-devops.tfstate" # bucket key name

    dynamodb_table = "gobike-devops-tfstate-lock"
    encrypt        = true
    region         = "ap-southeast-1"
  }
}